PT-2025-5748 · Apache · Apache James
Benoit Tellier
Published: 2025-02-05 · Updated: 2025-09-01
CVE-2024-37358
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Apache James versions prior to 3.7.6
Apache James versions prior to 3.8.2
Description
Apache James is susceptible to a denial of service through the misuse of IMAP literals by both authenticated and unauthenticated users. This could lead to unbounded memory allocation and prolonged computations.
Recommendations
For Apache James versions prior to 3.7.6, update to version 3.7.6 to restrict illegitimate use of IMAP literals.
For Apache James versions prior to 3.8.2, update to version 3.8.2 to mitigate the issue.
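An added example, not code from this advisory or from Apache James: one way a server can bound IMAP literal use by deciding what to do with an announced literal before any buffer is allocated. The limits, the function name `decide_literal` and the sample lines are assumptions made for illustration.

```python
import re

# Assumed limits for illustration; not the values Apache James enforces.
MAX_LITERAL_UNAUTH = 1024             # bytes allowed before login succeeds
MAX_LITERAL_AUTH = 10 * 1024 * 1024   # bytes allowed after login (e.g. APPEND)
MAX_LITERALS_PER_COMMAND = 16         # bounds the work one command can demand

# A literal is announced at the end of a line: {N} (synchronizing, client
# waits for "+") or {N+} (non-synchronizing, client sends the bytes at once).
LITERAL_RE = re.compile(rb"\{(\d+)(\+?)\}\r\n\Z")


def decide_literal(line: bytes, authenticated: bool, literals_seen: int = 0):
    """Decide what to do with an announced literal BEFORE allocating a buffer.

    Returns (action, size): action is "none" (no literal on this line),
    "continue" (send "+" and read size bytes), "read" (non-synchronizing,
    read size bytes), "reject" (answer BAD, read nothing) or "close"
    (refused non-synchronizing literal: its bytes are already in flight).
    """
    m = LITERAL_RE.search(line)
    if m is None:
        return ("none", 0)
    digits, non_sync = m.group(1), m.group(2) == b"+"
    bad = "close" if non_sync else "reject"
    # Refuse absurd digit runs before converting them to an integer.
    if len(digits) > 10:
        return (bad, 0)
    size = int(digits)
    limit = MAX_LITERAL_AUTH if authenticated else MAX_LITERAL_UNAUTH
    if size > limit or literals_seen >= MAX_LITERALS_PER_COMMAND:
        return (bad, size)
    return ("read" if non_sync else "continue", size)


if __name__ == "__main__":
    # Constructed sample lines, not captured traffic.
    samples = [
        (b"a1 LOGIN {5}\r\n", False),
        (b"a2 LOGIN {2000000000}\r\n", False),
        (b"a3 APPEND INBOX {4096+}\r\n", True),
        (b"a4 APPEND INBOX {99999999999+}\r\n", True),
        (b"a5 NOOP\r\n", True),
    ]
    for line, auth in samples:
        print(line.strip().decode(), "->", decide_literal(line, auth))
```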
Fix
DoS
Resource Exhaustion
Allocation of Resources Without Limits
RCE
Related Identifiers
Affected Products
Apache James